CVSS: 9.8EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4531 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4531
08 Sep 2014 — Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. Desbordamiento de buffer en target-arm/machine.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario a través de un valor negativo en cpreg_vmstate_array_len en un imagen savevm. Sibiao Luo discovered that QEMU incorre... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3471 – Gentoo Linux Security Advisory 201412-01
https://notcve.org/view.php?id=CVE-2014-3471
08 Sep 2014 — Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. Vulnerabilidad de uso de memoria previamente liberada en hw/pci/pcie.c en QEMU (también conocido como Quick Emulator) permite que usuarios invitados locales del sistema operativo provoquen una denegación de servicio (cierre inesperado de la instancia QEMU) mediante las operaciones hotplug y hotu... • http://security.gentoo.org/glsa/glsa-201412-01.xml • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-4532 – Ubuntu Security Notice USN-2342-1
https://notcve.org/view.php?id=CVE-2013-4532
08 Sep 2014 — Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Qemu versión 1.1.2+dfsg hasta 2.1+dfsg sufre un desbordamiento de búfer que podría resultar en una ejecución de código arbitrario en el host con los privilegios del proceso QEMU. Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data... • http://www.ubuntu.com/usn/USN-2342-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4534 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4534
08 Sep 2014 — Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. Desbordamiento de buffer en hw/intc/openpic.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de o posiblemente ejecutar código arbitrario a través de vectores relacionados con elementos IRQDest. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 94EXPL: 0CVE-2013-4540 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4540
08 Sep 2014 — Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. Desbordamiento de buffer en scoop_gpio_handler_update en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de un valor (1) prev_level, (2) gpio_level, o (3) gpio_dir grande en un imagen savevm. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplu... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4533 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4533
08 Sep 2014 — Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. Desbordamiento de buffer en la función pxa2xx_ssp_load en hw/arm/pxa2xx.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de un valor s->rx_level manipulado en un imagen savevm. Sibiao Luo discov... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=caa881abe0e01f9931125a0977ec33c5343e4aa7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4530 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4530
08 Sep 2014 — Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. Desbordamiento de buffer en hw/ssi/pl022.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de valores tx_fifo_head y rx_fifo_head manipulados en un imagen savevm. Sibiao Luo discovered that QEMU incorrectly hand... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=d8d0a0bc7e194300e53a346d25fe5724fd588387 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4539 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4539
08 Sep 2014 — Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. Múltiples desbordamientos de buffer en la función tsc210x_load en hw/input/tsc210x.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de un valor (1) precision, (2) nextprecision, (3) function, o (4) next... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 92EXPL: 0CVE-2013-4537 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4537
08 Sep 2014 — The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. La función ssi_sd_transfer en hw/sd/ssi-sd.c en QEMU anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un valor arglen manipulado en un imagen savevm. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9c380db3b8c6af19546a68145c8d1438a09c92b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4538 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4538
08 Sep 2014 — Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. Múltiples desbordamientos de buffer en la función ssd0323_load en hw/display/ssd0323.c en QEMU anterior a 1.7.2 permiten a atacantes remotos causar una denegación d... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead7a57df37d2187813a121308213f41591bd811 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •